Medusa
Store APIAdmin API
Store APIAdmin API
Discord
Twitter
Linkedin
Github
  1. Store API
  • Introduction
  • Authentication
  • HTTP Compression
  • Publishable API Key
  • Expanding Fields
  • Selecting Fields
  • Query Parameter Types
  • Pagination
  • Currencies
    • List Currencies
      GET
    • Get a Currency
      GET
  • Payment Providers
    • List Payment Providers
      GET
  • Return Reasons
    • List Return Reasons
      GET
    • Get a Return Reason
      GET
  • Auth
    • Retrieve Registration JWT Token
      POST
    • Authenticate Customer
      POST
    • Generate Reset Password Token for Customer
      POST
    • Refresh Authentication Token
      POST
    • Validate Authentication Callback
      POST
    • Delete Authentication Session
      DELETE
    • Set Authentication Session
      POST
    • Reset a Customer's Password
      POST
  • Collections
    • List Collections
      GET
    • Get a Collection
      GET
  • Regions
    • List Regions
      GET
    • Get a Region
      GET
  • Products
    • List Products
    • Get a Product
  • Customers
    • Get Logged-in Customer
    • Update Customer
    • Create Address for Logged-In Customer
    • List Customer's Addresses
    • Get Customer's Address
    • Update Customer's Address
    • Remove Customer's Address
    • Register Customer
  • Product Tags
    • List Product Tags
    • Get a Product Tag
  • Returns
    • Create Return
  • Product Types
    • Get a Product Type
    • List Product Types
  • Product Categories
    • List Product Categories
    • Get a Product Category
  • Carts
    • Create Cart
    • Set Cart's Customer
    • Add Shipping Method to Cart
    • Add Line Item to Cart
    • Calculate Cart Taxes
    • Get a Cart
    • Update a Cart
    • Update a Line Item in a Cart
    • Remove Line Item from Cart
    • Complete Cart
    • Add Promotions to Cart
    • Remove Promotions from Cart
  • Orders
    • List Logged-in Customer's Orders
    • Request Order Transfer
    • Get an Order
    • Cancel Order Transfer
    • Decline Order Transfer
    • Accept Order Transfer
  • Payment Collections
    • Initialize Payment Session of a Payment Collection
    • Create Payment Collection
  • Shipping Options
    • Calculate Shipping Option Price
    • List Shipping Options for Cart
  1. Store API

Authentication

There are two ways to send authenticated requests to the Medusa server: Using a JWT token or using a Cookie Session ID.

JWT Token#

Use a JWT token to send authenticated requests. Authentication state is managed by the client, which is ideal for Jamstack applications and mobile applications.

How to Obtain the JWT Token#

JWT tokens are obtained by sending a request to the Customer Login (JWT) endpoint passing it the customer's email and password in the request body. For example:
If authenticated successfully, an object is returned in the response with the property access_token being the JWT token.

How to Use the JWT Token#

The JWT token can be used for Bearer Authentication. It's passed in the
Authorization header as the following:

Cookie Session ID#

Use a cookie session to send authenticated requests.

How to Obtain the Cookie Session#

If you're sending requests through a browser, using Medusa's JS and Medusa React clients, or using
tools like Postman, the cookie session should be automatically set when
the customer is logged in.
If you're sending requests using cURL, you must set the Session ID in the cookie manually.
To do that, send a request to authenticate the customer and pass the cURL option -v:
The headers will be logged in the terminal as well as the response. You should find in the headers a Cookie header similar to this:
Copy the value after connect.sid (without the ; at the end) and pass it as a cookie in subsequent requests as the following:
Where {sid} is the value of connect.sid that you copied.
If you're sending requests using JavaScript's Fetch API, you must pass the credentials option with the value include to all the requests you're sending. For example:
Modified at 2023-10-10 11:56:42
Previous
Introduction
Next
HTTP Compression
Built with